The scenario

You have a working and probably important email account on a popular email service.

One day you get a number of reports from people with whom you regularly exchange email complaining that they’ve received what looks like spam from you. In fact, some of that spam may even have included malware, and some of your contacts might be upset that their machine has become infected because of email that you sent.

Except that you didn’t send it.

Fearing the worst, that a hacker somehow has access to your email account, you back up your email and close the account with the expectation that the hacker will no longer have access to it.

And yet the spam continues. Closing didn’t help.

There are several reasons this might happen.

Reason 1: Your account was never hacked

There’s a very good chance that there was never anything wrong with your account and that it had not been hacked into.

In fact, I’ll go so far as to say that this is the most common scenario.

What most people don’t realize is that email is incredibly easy to fake. That means that it’s downright trivial for a spammer to make it look like an email came “From:” your email address without needing any kind of access to your account. It’s called “From: spoofing”, and if you look carefully most spam comes “From:” email addresses that actually have nothing to do with the spam at all. The sender has been completely faked.

So how did they get your contacts?

Three things come to mind:

Blind luck. With millions and millions of spam emails being sent every day, it’s very possible that your email address could have been faked on spam sent to someone you know, randomly.

Information leakage. For a while there was a way to determine some friend relationships on Facebook without needing to be logged in, exposing the email addresses of those friends. Any similar kind of data breach or leakage could expose similar relationships – even just communicating in a public forum where email addresses are exposed could do it. And of course, email in transit is also visible to all servers that it happens to land on, so information about who you’re mailing might well be something that could be harvested if the email servers themselves are somehow compromised.

It could be one of your contacts who was hacked. It could be the contact list from their account that was harvested by the spammers, and thus your email address could have been harvested from it and then used to fake “From:” lines in spam targeted at the other friends and contacts.

There’s really no 100% certain way to tell, but the first thing I would have you do is check the Sent Mail folder of your online account or web interface. If you see the spam in that folder indicating it was sent from your account, then indeed you’ve been hacked and should take all necessary steps to recover. If it’s not there, it’s not proof of anything, but I actually would not panic unless more evidence of an actual hack appears.

Reason 2: Hackers just reopen the account

When most people close their account in a panic, they simply go through the steps to close their account and nothing more.

If you do close your account you’ll often find that there’s an “out” – a way that, for some limited time, you can re-open the account should you later change your mind. And before you shake your head at the thought, I can assure you that you’d be surprised at how often people do change their minds.

The “I didn’t really mean it!” approach typically involves once again proving that you are the owner of the account, using your password and additional identity verification steps.

Sometimes it’s as simple as just logging into the account again after you’ve “closed” it.

Hackers know all this.

They often know that the account can be reopened. They often know, or have changed, the account validation and alternate contact information.

So, within moments of your closing the account, the hacker just re-opens it and resumes sending spam from it.

Reason 3: You reopen the account

As I mentioned above, sometimes just logging into the account is enough to cancel its closure.

Many accounts these days are more than just email. On that same account you may have messaging programs, calendars, online storage, photo sharing services, and much, much more.

If you cancel the email account, and then go log into another service that uses the same account ID and password, you probably re-activated the email account.

IF you intend to cancel the account, you have to forever walk away from everything associated with that account.

Otherwise the account may simply not be canceled.

Reason 4: Hackers don’t need your account any more

A common trick of hackers is to slip in to an account they’ve just hacked and steal the contents of the address book.

In that scenario, the damage has been done.

Even if you recover and completely secure the account, or even if you you really, truly cancel the account and it really, truly is and stays canceled:

Hackers can still send spam to all your contacts, because they’ve stolen them.

Hackers can even make spam look like it came from you, even though they are no longer using your account. As I mentioned above, “From:” spoofing is trivially easy.

So you might put a lot of time and mental energy into closing the account, and even if you’re successful … it solves nothing because the hackers left it behind long ago.

Reason 5: It’s now someone else’s account

If you successfully close an account, most services hold on to the account name (usually the email address) for “a while” – anywhere from a few days to a few months.

Then, they make it available for new account creation, since no one is using it.

Someone could (and if your email name is particularly desirable, almost certainly will) open a new account with the email address you left behind. No, they won’t have your data or your contacts, but they will now have your old email address.

They could get hacked. Heck, they could be spammers themselves. After really closing an account you lose all control over the email address, and you have no idea who might get it some day in the future.

Your old “closed” account could come back to haunt you.

What can you do?

Aside from not getting your account hacked in the first place, there’s almost nothing you can do.

Of course, if your account has been hacked, you need to recover it. Start here as quickly as you can: Email Hacked? 7 Things You Need to do NOW. But it may be too late; the hackers may have copied out all the information they need to keep spamming your friends and make it look like you.

What I can say is that closing your account isn’t going to help, and ultimately could make things even worse as you eventually relinquish all control over it.

Leo Who?

I'm Leo Notenboom and I've been playing with computers since I took a required programming class in 1976. I spent over 18 years as a software engineer at Microsoft, and after "retiring" in 2001 I started Ask Leo! in 2003 as a place to help you find answers and become more confident using this amazing technology at our fingertips. More about Leo.

9 comments on “5 reasons your closed account still sends spam and what to do about it”

There are a few problems with closing email account even if it’s possible to really do it. 1 A long lost friend or relative may have that address and try to contact you.(It’s happened to me more than once, glad I check that one once a month to keep it open) 2. If someone innocently registers with your old email address, any email sent to you will go to them. My suggestion: get a new address but keep the old one and check it once a month.

I will extend Mark Jacobs’ suggestion.
Keep the old account with really weird, unguessable, information (was your mother’s maiden name actually ck39d$) for everything and save it so that you can get back in yourself. Then (if it is not a huge source of spam), set it to forward to a new account of yours.

By keeping it and changing ALL the information, you block the spammers from taking it back.

Another issue is that they may not have actually hacked your account. They may just be spoofing your address. Your friends may be seeing mail that looks like it is from you but isn’t. I get mail from “myself” all the time without my accounts being hacked.

I’ve been warning my friends and family for years about this. Many years ago I noticed spam emails being sent with warnings and alerts about questionable events and urgently urging the recipients to email everyone in their contacts, often including the sender. That’s it right there! If I was a spammer wanting to build a list of emails to target, I would come up with some crazy story like “wow, there’s a new scam going around where people at Walmart are getting ripped off and the cashiers are getting money from your account by adding a cash-back bla bla bla… Send this to all your contacts right away”. There has been thousands of made up articles and stories from religious subjects to missing children (pretty sad) sent out for the soul purpose of building a database of email addresses. Once they have your contacts, they can just spam them all while putting your email as the sender, it’s really that simple and easy. I usually to people to BCC (blind carbon copy) when sending emails to multiple recipients, this way they don’t get your list of email addresses. Aside from that, there’s not much else you can do to avoid this type of problem.

I have an older sister that is an avid user of FACEBOOK. She has EVERYONE in creation (including people that died 10 years ago) listed as Friends and Family. Now her Facebook account got hacked or so she thought, but in actuality one of her “Friends” just accessed her list of Friends.

You see where this leads?

EVERYONE on her list was bombarded with SPAM to and from everyone else on her list. Some even to and from themselves.

Since I don’t use Facebook and hadn’t since I registered, I simply de-activated my account. I did this long before my sister’s “hacking”. It was that I was getting requests from her list of friends inviting me to be their friends as well. I was getting 100’s of invitations daily.

For quite a few years I had my sisters eMail address on my browser’s SPAM list. She also had a habit of forwarding ALL of her eMails to ALL of her friends ALL of the time.

The point behind this story is that…….
You don’t need hackers for SPAM just a dumb friend and family member…………….Alan

Hello, i am wondering. My friend sended me once in every month a spam message for about six months, after that it stoped forever. I live in croatia and i asked him if he sended he said he did not. So he checked his send box and no strange messages and no delivery failure there. It seem that i am the only one recivening from him this spams. Because no one else has complained. He checked even resent activity email and nothing wrong. So he went to the full register of Facebook ip adresses and searched on everyone and nothing strange from a weird country of city. So his Facebook was never hacked even if he had the same password to email and Facebook. I assume this is a spoof but it is scary to think that it maybe was a hack. He can still log in and use his Facebook and email. We are very good friends on facebook comment pictures and that stuff. Should i be worry or not panic so much.

It’s likely that this email isn’t coming from your friend’s email account. Any spammer who know an email address can make it look like it is coming from that address.

If you’re *repeatedly* getting or sending spam that appears to be from or to a friend or contact it’s possible that the sending email account has been hacked or otherwise compromised. (Typically it’s NOT a virus.)

Thanks i feel a bit relived, i got about four messages in a period of 5-6 months and then it stopped and have not happend again in 4 years. He still uses the same account for hotmail and facebook. Facebook as I said was never hacked. We have changed e mails with each other. We did this again this year but nothing has happend like spam but i think it is a spoof like you said was likley. It was no evidence at all. Surley they would like to hack other sites i think like Facebook. He looked then on ip adresses 2012 and looked again 2016 and he said nothing strange ip adress from another city or country. It is so strange. Wouldnt they want to change password or do something more?

He dosent use his hotmail at all i will add. He dosent use it actively.

Leave a reply:

Before commenting please:

Read the article.

Comment on the article.

No personal information.

No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.